There are several threads concerning deactivating encryption by ecryptfs on a home directory. A selection is listed below. All (seem to) suggest that the current home directory will be wiped out by the process of removing encryption.

The output of ecryptfs-setup-private --undo says

In the event that you want to remove your eCryptfs Private Directory setup,
you will need to very carefully perform the following actions manually:

Since $PRIVATE is actually /home/user (the directory protected by encryption, please check), the current home directory gets emptied and deleted because of one's own doing through rm -rf $PRIVATE

I noticed one fellow's interesting remark on line 5. Reportedly https://askubuntu.com/a/10049/446253 did not find deleting home necessary, which is a very interesting hint. Making back-ups of data is good in its own right, but it's no immaterial thing if you could remove encryption without manipulating your user home content!

I am not certainly asking to put your own data at risk in place of mine, but could more experienced people judge whether a step 5 like rm -rf ~/.Private ~/.ecryptfs would be sufficient instead?

This could help out people who struggle with full disks to be emptied and cannot resort to network file systems because of encryption, for example.

1 Answer
1

I took courage and created an encrypted mock user, say unlockMe (owing no sudo rights). On the terminal I did the following:

log in as user unlockMe

$ ecryptfs-umount-private ## as per instructions no. 3

$ chmod 700 . ## as per instructions no. 4; . is \home\unlockMe

$ rm -rf ~/.Private ~/.ecryptfs ## unlike the instructions no. 5

exit the unlockMe profile

log in as another user

$ sudo ls /home/unlockMe whence I could see the unencrypted content. In contrast, in case of encrypted content, I would have rather seen the files Access-Your-Private-Data.desktop and README.txt

Also note that one does not need to uninstall the utilities (unlike instructions no. 6) -- obviously not, if other users keep on using encryption.

Tested with Ubuntu 14.04 LTS and package ecryptfs-utils version 104-0ubuntu1.14.04.4.

Out of this single experiment I would conclude that there is no need to move your data anywhere else to give up encryption.

One reserve that I still have is that these operations might not actually mean giving up encryption completely, rather making the folders visible, (breaking the outer shell, so to speak). The directory /home/.encryptfs/unlockMe still seems to be storing a lot of information in encrypted form. So it might well be that there much more going under the surface, and I await expert answers here.